
9256 matches found

Metasploit
added 2016/07/12 4:14 p.m. | 72 views

Microsoft Windows Authenticated User Code Execution

This module uses a valid administrator username and password or password hash to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name an...

7.5 CVSS | 6.9 AI score | 0.63703 EPSS
Exploits 13
BDU FSTEC
added 2016/07/06 12:0 a.m. | 9 views

The vulnerability of microprogramming software in IBM and Lenovo laptops allows attackers to gain access to confidential information.

The microprogramming software of IBM and Lenovo laptops does not perform buffer cleanup after the password input process is completed. As a result, local malicious individuals can gain access to the BIOS password by directly reading the physical memory addresses used as buffers...

2.1 CVSS | 5.6 AI score | 0.00316 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 6 views

The vulnerability of the Linux operating system, which allows a malicious individual to trigger a local service failure

In the HID driver for the Zeroplus gaming manipulator, there is no mechanism for cleaning the entered information, which leads to local service failure...

4.7 CVSS | 6.5 AI score | 0.00419 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 4 views

The vulnerability of the Linux operating system, which allows a malicious individual to trigger a local service failure

In the HID driver for various Logitech devices, there is no mechanism for cleaning the entered information in real-time. This leads to a local failure in service provision...

4.7 CVSS | 7.1 AI score | 0.00394 EPSS
Exploits 0 | References 2 | Affected Software 1
Exploit DB
added 2016/06/17 12:0 a.m. | 47 views

WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload

an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator = '-------------------------------------------------------------------'; $ch = curlinit$url; curlsetopt$ch,...

7.4 AI score
Exploits 0
CNVD
added 2016/06/06 12:0 a.m. | 2 views

Google Chrome browsing_data_remover.cc Spoofing Vulnerability

Google Chrome is a web browser developed by Google. In Google Chrome versions prior to 51.0.2704.63, browser/browsing_data/browsing_data_remover.cc removes HPKP within cache cleanup. This is a spoofing vulnerability, which can be exploited by remote attackers to spoof websites...

5.3 CVSS | 9 AI score | 0.01004 EPSS
Exploits 0 | References 1
OSV
added 2016/06/05 11:59 p.m. | 3 views

UBUNTU-CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session...

5.3 CVSS | 6.8 AI score | 0.01158 EPSS
Exploits 0 | References 3
hackapp
added 2016/06/03 10:22 a.m. | 15 views

Sweet Baby Girl Cleanup 4 - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Sweet Baby Girl Cleanup 4 published at the 'play' market has multiple vulnerabilities...

Exploits 0 | References 1 | Affected Software 1
appercut
added 2016/06/01 12:0 a.m. | 680 views

LogicalDoc Document Managment System CE: source code security analysis report

Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: leakage of user data between sessions; use of XSL transformation to execute arbitrary code; lack of digital signature verification for executable files obtained from...

8.1 AI score
Exploits 0 | References 1 | Affected Software 1
hackapp
added 2016/04/01 10:17 a.m. | 14 views

Princess Castle Cleanup - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Princess Castle Cleanup published at the 'play' market has multiple vulnerabilities...

0.1 AI score
Exploits 0 | References 1 | Affected Software 1
hackapp
added 2016/04/01 9:37 a.m. | 12 views

Avast Cleanup & Boost - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Avast Cleanup & Boost published at the 'play' market has multiple vulnerabilities...

0.7 AI score
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2016/03/31 12:0 a.m. | 6 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in the Android operating system's Wi-Fi component is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to increase their privileges by gaining access to the local physical...

8.3 CVSS | 7.7 AI score | 0.00555 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2016/03/15 12:28 p.m. | 5 views

USN-2933-1 exim4 vulnerabilities

It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean th...

7 CVSS | 7.3 AI score | 0.05901 EPSS
Exploits 13 | References 3
Tenable Nessus
added 2016/03/04 12:0 a.m. | 30 views

Fedora 23 : pcs-0.9.149-2.fc23 (2016-cdd4228cc7)

Re-synced to upstream sources Security fix for CVE-2016-0720, CVE-2016-0721 - Rubygems built with RELRO Spec file cleanup Fixed multilib .pyc/.pyo issue ---- Re-synced to upstream sources Security fix for CVE-2016-0720, CVE-2016-0721 Rubygems built with RELRO Spec file cleanup Fixed multilib...

8.8 CVSS | 7.6 AI score | 0.02294 EPSS
Exploits 0 | References 5
CNVD
added 2016/02/11 12:0 a.m. | 4 views

Android memory misreference vulnerability (CNVD-2016-01054)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), with Wi-Fi as one of its wireless connectivity components. A memory misreference vulnerability exists in the 'wifi_cleanup' function in the bcmdhd/wifi_hal/wifi_hal.cpp file in Wi-Fi...

8.8 CVSS | 6.7 AI score | 0.00555 EPSS
Exploits 0 | References 1
OSV
added 2016/02/07 1:59 a.m. | 3 views

UBUNTU-CVE-2016-0809

Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768...

8.8 CVSS | 7.4 AI score | 0.00555 EPSS
Exploits 0 | References 4
OSV
added 2016/01/22 12:0 a.m. | 2 views

UBUNTU-CVE-2016-0727

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to...

7.8 CVSS | 7.2 AI score | 0.01254 EPSS
Exploits 3 | References 4
OSV
added 2016/01/13 12:31 p.m. | 6 views

SUSE-SU-2016:0101-1 Security update for openstack-glance

This update for openstack-glance provides the following fixes: - Catch NotAuthenticated exception in import task. bsc947735, CVE-2015-5286 - Cleanup chunks for deleted image if token expired. bsc947735, CVE-2015-5286 - Prevent image status being directly modified via v1. bsc945994, CVE-2015-5251 ...

6.8 CVSS | 6.2 AI score | 0.02376 EPSS
Exploits 0 | References 6
seebug.org
added 2015/12/25 12:0 a.m. | 55 views

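Microsoft Windows Win32k Privilege Escalation Vulnerability (MS15-010)

Source link: http://www.freebuf.com/vuls/90501.html FreeBuf Hackers and Geeks (FreeBuf.COM). Original article: http://hdwsec.fr/blog/CVE-2015-0057.html, translated by FB editor 鸢尾. Overview: This is a use-after-free kernel vulnerability that can obtain a dedicated write primitive, which then corrupts an adjacent object. This in turn allows arbitrary writes in kernel space or user space...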

7.2 CVSS | 6.5 AI score | 0.12752 EPSS
Exploits 4
Tenable Nessus
added 2015/12/22 12:0 a.m. | 18 views

Scientific Linux Security Update : net-snmp on SL7.x x86_64 (20151119)

A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the '-OQ' option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash. CVE-2014-3565 This update...

5 CVSS | 6.8 AI score | 0.04619 EPSS
Exploits 1 | References 2